Velociraptor – Endpoint Visibility and Collection Tool
Velociraptor is a tool for collecting host based state information using Velocidex Query Language (VQL) queries.

To learn more about Velociraptor, check out the documentation on:
https://www.velocidex.com/docs/
If you want to see what Velociraptor is all about simply:

- Download the binary from the release page for your favorite platform (Windows/Linux/MacOS).
- Start the GUI:

```shell
$ velociraptor gui
```

This will bring up the GUI, Frontend and a local client. You can collect artifacts from the client (which is just running on your own machine) as normal.

When you are ready for a full deployment, check out the various deployment options at https://www.velocidex.com/docs/getting-started
Running Velociraptor via Docker

To run a Velociraptor server via Docker, follow the instructions here: https://github.com/weslambert/velociraptor-docker
Running Velociraptor locally

Velociraptor is also useful as a local triage tool. You can create a self contained local collector using the GUI:

- Start the GUI as above (`velociraptor gui`).
- Select the `Server Artifacts` sidebar menu, then `Build Collector`.
- Select and configure the artifacts you want to collect, then select the `Uploaded Files` tab and download your customized collector.
Building from source

To build from source, make sure you have a recent Golang installed from https://golang.org/dl/ (currently at least Go 1.14):

```shell
$ git clone https://github.com/Velocidex/velociraptor.git
$ cd velociraptor

# This will build the GUI elements. You will need to have node
# installed first. For example on Windows get it from
# https://nodejs.org/en/download/ . You also need to have JAVA
# installed from https://www.java.com because the js compiler
# needs it.
$ cd gui/static/
$ npm install

# If gulp is not on your path you need to run it using node:
# node node_modules\gulp\bin\gulp.js compile
$ gulp compile
$ cd -

# This builds a release (i.e. it will embed the GUI files in the
# binary). If you don't care about the GUI a simple "make" will
# build a bare debug binary.
$ go run make.go -v release
$ go run make.go -v windows
```
If you want to rebuild the protobuf you will need to install the protobuf compiler (this is only necessary when modifying any *.proto file). Note that the steps below fetch and install the compiler without any integrity check, so verify the archive before moving `protoc` into `/usr/local/bin`:

```shell
$ wget https://github.com/protocolbuffers/protobuf/releases/download/v3.13.0/protoc-3.13.0-linux-x86_64.zip
$ unzip protoc-3.13.0-linux-x86_64.zip
$ sudo mv include/google/ /usr/local/include/
$ sudo mv bin/protoc /usr/local/bin/
$ go get -u github.com/golang/protobuf/protoc-gen-go/
$ go install github.com/golang/protobuf/protoc-gen-go/
$ go get -u github.com/grpc-ecosystem/grpc-gateway/protoc-gen-grpc-gateway
$ go install github.com/grpc-ecosystem/grpc-gateway/protoc-gen-grpc-gateway
$ ./make_proto.sh
```
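The two build procedures above (the Go/node/java toolchain for the main binary, and the protoc install for regenerating the protobufs) are typed in by hand, and the protoc archive goes straight from `wget` into `/usr/local/bin` without being checked. The POSIX shell script below is an added example, not part of the Velociraptor project: it verifies that the tools those commands call are on PATH and that `go` is at least 1.14, and wraps the protoc download so the zip is only unpacked and installed when it hashes to a SHA-256 the operator supplies. The function names (`preflight`, `go_version_ok`, `sha256_matches`, `fetch_protoc`) and the script filename are mine, and the expected hash is an assumed input you obtain from a trusted source; nothing here derives it.

```shell
#!/bin/sh
# Added example (not part of Velociraptor): preflight checks for the
# "Building from source" steps and a checksum-gated protoc install.

MIN_GO_MAJOR=1
MIN_GO_MINOR=14

# go_version_ok "<output of: go version>"
# Parses "goX.Y" out of the version string and succeeds only when
# X.Y >= 1.14, the minimum the README asks for. Unparseable strings
# (e.g. "go version devel ...") fail closed.
go_version_ok() {
    ver=$(printf '%s\n' "$1" | sed -n 's/.*go\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p')
    [ -n "$ver" ] || return 1
    major=${ver% *}
    minor=${ver#* }
    if [ "$major" -gt "$MIN_GO_MAJOR" ]; then
        return 0
    fi
    [ "$major" -eq "$MIN_GO_MAJOR" ] && [ "$minor" -ge "$MIN_GO_MINOR" ]
}

# sha256_matches FILE EXPECTED_HEX
# Succeeds only when FILE hashes to EXPECTED_HEX. Uses sha256sum where
# available (Linux) and falls back to shasum (macOS). A missing file
# yields an empty hash and therefore fails.
sha256_matches() {
    if command -v sha256sum >/dev/null 2>&1; then
        actual=$(sha256sum "$1" 2>/dev/null | cut -d' ' -f1)
    else
        actual=$(shasum -a 256 "$1" 2>/dev/null | cut -d' ' -f1)
    fi
    [ -n "$actual" ] && [ "$actual" = "$2" ]
}

# preflight
# Checks that every tool the README's build commands invoke is on PATH
# and that the installed Go is new enough. gulp is not required here
# because the README shows how to run it through node when it is absent.
preflight() {
    missing=0
    for tool in git go node npm java; do
        if ! command -v "$tool" >/dev/null 2>&1; then
            echo "missing tool: $tool" >&2
            missing=1
        fi
    done
    if command -v go >/dev/null 2>&1 && ! go_version_ok "$(go version)"; then
        echo "go is too old, need >= ${MIN_GO_MAJOR}.${MIN_GO_MINOR}: $(go version)" >&2
        missing=1
    fi
    return "$missing"
}

# fetch_protoc VERSION EXPECTED_SHA256 [PREFIX]
# Same release download the README performs, but the zip is unpacked and
# installed only if its SHA-256 equals EXPECTED_SHA256 (an out-of-band
# input; assumed to come from a source you trust).
fetch_protoc() {
    version=$1
    expected=$2
    prefix=${3:-/usr/local}
    zip="protoc-${version}-linux-x86_64.zip"
    url="https://github.com/protocolbuffers/protobuf/releases/download/v${version}/${zip}"
    tmp=$(mktemp -d) || return 1
    if ! wget -q -O "$tmp/$zip" "$url"; then
        echo "download failed: $url" >&2
        rm -rf "$tmp"
        return 1
    fi
    if ! sha256_matches "$tmp/$zip" "$expected"; then
        echo "SHA-256 mismatch for $zip, refusing to install" >&2
        rm -rf "$tmp"
        return 1
    fi
    (cd "$tmp" && unzip -q "$zip") || { rm -rf "$tmp"; return 1; }
    sudo install -m 0755 "$tmp/bin/protoc" "$prefix/bin/protoc" &&
        sudo cp -R "$tmp/include/google" "$prefix/include/"
    status=$?
    rm -rf "$tmp"
    return "$status"
}

# Usage: sh build_preflight.sh check
#        . ./build_preflight.sh && fetch_protoc 3.13.0 <expected-sha256>
case "${1:-}" in
    check) preflight ;;
esac
```

Run `sh build_preflight.sh check` before the `git clone` step; it exits non-zero and names whatever is missing. To replace the unverified `wget`/`unzip`/`mv` sequence, source the script and call `fetch_protoc` with the version and the hash you trust; a mismatch leaves `/usr/local` untouched.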
Getting the latest version

We have a pretty frequent release schedule, but if you see a new feature submitted that you are really interested in, we would love to have more testing prior to the official release.

We have a CI pipeline managed by GitHub Actions. You can see the pipeline by clicking the Actions tab on our GitHub project. There are two workflows:

- Windows Test: this workflow builds a minimal version of the Velociraptor binary (without the GUI) and runs all the tests on it. We also test many Windows support functions in this pipeline. This pipeline builds on every push in every PR.
- Linux Build All Arches: this pipeline builds complete binaries for the many supported architectures. It only runs when the PR is merged into the master branch.

If you fork the project on GitHub, the pipelines will run on your own fork as well, as long as you enable GitHub Actions on your fork. If you need to prepare a PR for a new feature or modify an existing feature, you can use this to build your own binaries for testing on all architectures prior to sending us the PR.
Getting help

Questions and feedback are welcome at velociraptor-discuss@googlegroups.com

You can also chat with us directly on Discord: https://www.velocidex.com/discord

File issues on https://github.com/Velocidex/velociraptor

Read more about Velociraptor on our blog:
https://www.velocidex.com/blog/

Hang out on Medium: https://medium.com/velociraptor-ir